PT-2017-6884 · Tex Live+1 · Mktexlsr+1

Jakub Wilk

Published

2017-08-25

Updated

2018-10-12

CVE-2015-5700

CVSS v3.1

6.1

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N

Name of the Vulnerable Software and Affected Versions mktexlsr versions 22855 through 36625

Description The issue allows local users to write to arbitrary files via a symlink attack.

Recommendations For versions 22855 through 36625, consider restricting access to the mktexlsr utility until a patch is available. As a temporary workaround, avoid using mktexlsr with untrusted input to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2015-5700

USN-3788-1

Affected Products

Ubuntu

Mktexlsr

PT-2017-6884 · Tex Live+1 · Mktexlsr+1

CVE-2015-5700

Weakness Enumeration

Related Identifiers

Affected Products

References · 21